Dangerous "WCry" Ransomware Still Out There

Last Friday, individuals and corporations the world over were infected by a dangerously fast-spreading ransomware worm. Ransomware, if you’ll recall, is a type of malware that, instead of deleting files, encrypts them behind a passcode that only the hacker knows. Ransomware also typically seeks out and attacks backups, making it that much harder to recover from. This self-propagating malware hit some major institutions, including the UK’s National Health Service, which had to close clinics and ask people to come to hospitals only if there was an emergency, and a major telecom provider in Spain. Closer to home, FedEx, which is based in Memphis, suffered at least a partial shipping disruption during the Mother’s Day weekend.

This new piece of ransomware, called WCry, has an especially interesting backstory: by all accounts from top-end security researchers, it is almost entirely based on a hack the NSA originally developed to break into a wide range of Windows systems. This hack was made public last month when a group known as the Shadow Brokers released a large number of programs it somehow stole from an NSA server. All the hackers who unleashed WCry on the world had to do was pair their own code with this powerful bypass.

Oddly enough, Microsoft had already released a patch for this vulnerability, but larger organizations like hospitals are often unable to install patches quickly for fear of breaking their extremely expensive, highly specialized applications, which depend on an exactly specified version of Windows. In an unexpected move, Microsoft worked quickly to release a similar fix for versions of Windows it no longer officially supports, which just goes to show how serious this new ransomware attack was.

There was one bit of good news late last week. One security researcher managed to put a major dent in WCry’s initial spread by accidentally activating a server that told new installs of the ransomware to go dormant. While this did not help organizations that were already infected, it did significantly slow the spread of the worm and gave cybersecurity firms a brief window of calm to fight the threat. It was quite the lucky break, but security experts expected a new version to quickly replace the old one, and a new version of WCry that did not go dormant was indeed quickly released. This new version is once again spreading, and there is little to stop it from infecting unpatched Windows systems.

At ETV Software, we help manage and maintain the systems of several businesses in Tyler and the surrounding areas of East Texas. We have dealt with virus and ransomware outbreaks similar to this latest one and can help your business get back on its feet if it is ever hit by such an attack. For more information, give us a call at 903.531.0377.